The Target Data Breach Is Worse Than You Thought

By Dustin Volz

January 10, 2014

The historically gigantic data robbery from nationwide Target stores nabbed credit and debit card data from approximately 70 million customers, Target announced Friday—a figure almost twice as large as originally reported.

The new number, up from an earlier estimate of 40 million, does not represent an additional data breach but a recalculation based on Target's own internal investigation into the matter, which was first exposed by cybersecurity blogger Brian Krebs last month. The massive data heist included names, mailing addresses, encrypted personal identification numbers, and phone numbers of the customers affected.

"I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this," said Gregg Steinhafel, Target's chairman, in a statement. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."

Target, in an attempt to lessen an ongoing public-relations nightmare, said it will continue its investigation and promised that "guests will have zero liability for the cost of any fraudulent charges arising from the breach." Additionally, the company has pledged to offer one year of free credit monitoring and identify-theft protection to all customers. Those wishing to enroll for the services have three months to do so.

Earlier this week Sen. Thomas Carper, D-Del., said he wanted to reintroduce a bill to create a national reporting standard for data breaches like the one that seized Target. It would apply to retailers and financial institutions and require both to tell government and consumers of harmful data breaches.

"Consumers, government agencies, and businesses of all kinds have proven to be extremely vulnerable to fraud and identity theft, and the Target data breach is just the latest example of this serious problem" Carper said in a statement.

The original breach revelation, which occurred during the holiday shopping season, left many wondering whether Target's growth would be hampered. Today's announcement makes it clear that the company has suffered. Its fourth-quarter outlook update notes "meaningfully weaker-than-expected sales since the [data breach] announcement. Target also announced it is also closing eight stores around the country.

Shares of Target stock had dropped more than 1 percent Friday morning.